[英]Spring boot oauth2 “/auth/oauth/token” forbidden
I'm setting up a basic oauth2 Authorization server. 我正在设置基本的oauth2授权服务器。 Here's my Application Config. 这是我的应用程序配置。
@SpringBootApplication
@RestController
@EnableResourceServer
@EnableAuthorizationServer
public class Application {
@RequestMapping(value = { "/user" }, produces = "application/json")
public Map<String, Object> user(OAuth2Authentication user) {
Map<String, Object> userInfo = new HashMap<>();
userInfo.put("user", user.getUserAuthentication().getPrincipal());
userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
return userInfo;
}
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
WebSecurityConfigurer WebSecurityConfigurer
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("john.carnell").password("password1").roles("USER")
.and()
.withUser("william.woodward").password("password2").roles("USER", "ADMIN");
}
}
and my Oauth2Config 和我的Oauth2Config
@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("eagleeye")
.secret("thisissecret")
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
}
I'm trying to retrieve a token from localhost:8080/auth/oauth/token using postman but it only throws this error. 我正在尝试使用邮递员从localhost:8080 / auth / oauth / token检索令牌,但只会引发此错误。
{
"error": "unauthorized",
"error_description": "Full authentication is required to access this resource"
}
and here's the value I am passing from postman 这就是我从邮递员那里传递的价值
I was able to access the endpoint but it returned an error but that's for another question. 我能够访问端点,但是返回了错误,但这是另一个问题。 I just changed the url from localhost:8080/auth/oauth/toke
n to localhost:8080/oauth/token
我只是将网址从localhost:8080/auth/oauth/toke
n更改为localhost:8080/oauth/token
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.